Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
45
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
150
Getting Started in Bug Bounty
jr0ch17
0
130
Getting Blindly Lucky
jr0ch17
0
81
Qu'est-ce que le bug bounty?
jr0ch17
0
130
Finding 5 bugs in a single parameter
jr0ch17
0
92
Beyond the Borders of Scope
jr0ch17
0
76
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
なぜ使われないのか?──定量×定性で見極める本当のボトルネック
kakehashi
PRO
1
760
Active Directory 勉強会 第 6 回目 Active Directory セキュリティについて学ぶ回
eurekaberry
16
5.9k
Agents IA : la nouvelle frontière des LLMs (Tech.Rocks Summit 2025)
glaforge
0
370
“決まらない”NSM設計への処方箋 〜ビットキーにおける現実的な指標デザイン事例〜 / A Prescription for "Stuck" NSM Design: Bitkey’s Practical Case Study
bitkey
PRO
1
340
Microsoft Agent 365 を 30 分でなんとなく理解する
skmkzyk
1
290
pmconf2025 - 他社事例を"自社仕様化"する技術_iRAFT法
daichi_yamashita
0
490
HIG学習用スライド
yuukiw00w
0
110
Introduction to Bill One Development Engineer
sansan33
PRO
0
330
A Compass of Thought: Guiding the Future of Test Automation ( #jassttokai25 , #jassttokai )
teyamagu
PRO
1
190
mablでリグレッションテストをデイリー実行するまで #mablExperience
bengo4com
0
470
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
9.9k
ML PM Talk #1 - ML PMの分類に関する考察
lycorptech_jp
PRO
1
490
Featured
See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
36
6.2k
Site-Speed That Sticks
csswizardry
13
990
KATA
mclloyd
PRO
32
15k
Bash Introduction
62gerente
615
210k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
285
14k
Done Done
chrislema
186
16k
Product Roadmaps are Hard
iamctodd
PRO
55
12k
The Power of CSS Pseudo Elements
geoffreycrofte
80
6.1k
Speed Design
sergeychernyshev
33
1.4k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.8k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
kakehashi
eurekaberry
glaforge
bitkey
skmkzyk
daichi_yamashita
yuukiw00w
sansan33
teyamagu
bengo4com
lycorptech_jp
kevinliebholz
csswizardry
mclloyd
62gerente
stephaniewalter
chrislema
iamctodd
geoffreycrofte
sergeychernyshev
caitiem20
productmarketing
addyosmani
